Below is the log format 😞 log sample)
ID swipe_status date time location
362558 SwipeIn 2017-01-01 05:00:00.466 USA
Index = Swipe_index
Really hard to explain without the relevant data. However:
All your queries can be written using "transaction" command. https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Transaction
Really hard to explain without the relevant data. However:
All your queries can be written using "transaction" command. https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Transaction